question:
Is this related to UDP traffic not being allowed through one of the routers? I disabled firewalls, made TP-Link the DMZ in the NetGear and my machine the DMZ in the TP-Link, so all security is down; still +tcp works, but there is no way without it. So how am I able to search the web? Is TCP a backdoor that the browser uses? But I have sendmail and need to resolve domains.

Now I set the TP-Link primary DNS to 192.168.0.1 and the secondary to 192.168.1.1, and dig google.com goes well, while +tcp gives:

I don't understand who responds to dig; I can see that +tcp is refused on my routers.
– tinky_winky May 5 '13 at 19:50

Should I put a DNS server address, i.e. 8.8.8.8, in the DHCP settings of the TP-Link, or should I put there the address of the router, so 192.168.1.1, or maybe the address of the TP-Link, 192.168.0.1?
– tinky_winky May 5 '13 at 19:57

1 Answer
1

When you do dig @8.8.8.8 wp.pl, a request is sent to Google's nameserver. Google's nameserver is not authoritative for the domain wp.pl (or whatever you may have set in your search domains; the last bit could be a source of trouble, so do dig @8.8.8.8 wp.pl. in the future to stop additional searches), and if it doesn't have a cached record to give you, it will tell you what nameserver is authoritative for that domain. A second request will then be sent to the server Google gives you...

However... For nameservers, you might want to use the nameservers DHCP assigns you; I doubt both 192.168.1.1 and 0.1 were given to you. The lone DNS server I get from DHCP corresponds to my DSL modem/router's gateway, which means having only one resolver in my local configuration is perfect: if I can't reach my gateway, or if my gateway can't talk to whatever DNS servers it gets from its provisioning DHCP server (which I have no visibility into), then it's unlikely any manual additions I make will provide any additional utility, but likely that they will decrease the performance of DNS queries, and thus my perceived responsiveness of my Internet activities.

When I use the following tcpdump statement to look at DHCP data:

mini-nevie:~ root# tcpdump -i en1 -nv udp port 67 and udp port 68

the last packet I get from the DHCP server, an ACK(nowledgement) packet, contains the configuration parameters for my host:

In the "Domain-Name-Server Option 6" field, the DHCP server provides me with 2 IP addresses; in this case, they're identical. They happen to match my gateway, 192.168.2.1. While I've looked all through my DSL modem's config pages, I cannot see what servers it's using. In my previous service, I did PPPoE right on my Mac, and IIRC, the two servers were local resolvers in my province.

My advice is to use the nameserver(s) that are provided to you via DHCP.

192.168.0.1 and 1.1 were put there by myself because I thought maybe I should point to the gateway? So you say I should definitely put, on every machine on my network (even if it is nested in an additional network), not my router 1.1 but the nameservers that I can see in the router's configuration as received from the ISP?
– tinky_winky May 6 '13 at 11:28
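Added example, not code from the question or the answer: a small Python parser for the options section of the DHCP ACK that the answer inspects with tcpdump. It pulls out Option 6 (Domain-Name-Server) and Option 3 (Router), and then does the check the follow-up comment is asking about: which of the manually configured resolvers (192.168.0.1, 192.168.1.1) were actually handed out by DHCP. The packet bytes are constructed to mimic the ACK the answer describes (two identical DNS entries equal to the gateway 192.168.2.1); nothing here was captured from a real network, and the function names are this example's own.

```python
"""Decode DHCP options from a BOOTP/DHCP payload (RFC 2131 layout) and
compare the DNS servers it advertises with a manually configured list.

Added example; the sample ACK is CONSTRUCTED, not a real capture.
"""
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the options field
OPT_PAD, OPT_END = 0, 255
OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE = 3, 6, 53
DHCPACK = 5                                  # Option 53 value for an ACK


def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} from a DHCP payload.

    The fixed BOOTP header is 236 bytes; the 4-byte magic cookie follows it,
    then TLV options until OPT_END. Repeated options are concatenated.
    """
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (bad length or magic cookie)")
    opts = {}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"truncated option {code}")
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts


def ip_list(raw: bytes) -> list:
    """Decode a concatenated list of IPv4 addresses (4 bytes each)."""
    if len(raw) % 4:
        raise ValueError("IPv4 list length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[k:k + 4])) for k in range(0, len(raw), 4)]


def dhcp_dns_servers(payload: bytes) -> list:
    """DNS servers (Option 6) advertised in a DHCPACK, in the order given."""
    opts = parse_dhcp_options(payload)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPACK]):
        raise ValueError("not a DHCPACK")
    return ip_list(opts.get(OPT_DNS, b""))


def dhcp_router(payload: bytes) -> list:
    """Router/gateway addresses (Option 3) advertised in the packet."""
    return ip_list(parse_dhcp_options(payload).get(OPT_ROUTER, b""))


def resolvers_not_from_dhcp(configured: list, payload: bytes) -> list:
    """Manually configured resolvers that DHCP did not hand out."""
    advertised = set(dhcp_dns_servers(payload))
    return [r for r in configured if r not in advertised]


def build_sample_ack() -> bytes:
    """CONSTRUCTED DHCPACK: BOOTREPLY header, yiaddr 192.168.2.10, then options."""
    header = bytearray(236)
    header[0] = 2   # op = BOOTREPLY
    header[1] = 1   # htype = Ethernet
    header[2] = 6   # hlen
    header[16:20] = ipaddress.IPv4Address("192.168.2.10").packed  # yiaddr
    gw = ipaddress.IPv4Address("192.168.2.1").packed
    options = (
        bytes([OPT_MSG_TYPE, 1, DHCPACK])
        + bytes([OPT_ROUTER, 4]) + gw
        + bytes([OPT_DNS, 8]) + gw + gw      # two identical entries, as in the answer
        + bytes([OPT_END])
    )
    return bytes(header) + MAGIC_COOKIE + options


if __name__ == "__main__":
    pkt = build_sample_ack()
    print("router        :", dhcp_router(pkt))
    print("dns (option 6):", dhcp_dns_servers(pkt))
    print("not from DHCP :", resolvers_not_from_dhcp(
        ["192.168.0.1", "192.168.1.1", "192.168.2.1"], pkt))
```

Running it prints the gateway as the sole resolver and flags 192.168.0.1 and 192.168.1.1 as addresses DHCP never offered, which is the answer's point: a resolver entry that does not come from the DHCP lease is a manual addition that only adds lookup latency or a dead hop when the gateway is unreachable. To apply it to a real lease, feed the UDP payload of a captured DHCPACK (for example from a tcpdump -w pcap) into dhcp_dns_servers.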